package com.atxyj.springsecurity.security.filter;

import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * @author xieyujiao
 * @description 用来解决认证过的用户访问无权限资源时的异常
 * @date 2021/7/30
 */
public class JwtAccessDeniedHandler implements AccessDeniedHandler {

    /**
     *当用户访问需要权限才能访问的rest资源而权限不足时，将调用此方法发送403响应以及错误信息
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        MessageSourceAccessor messages;
        accessDeniedException = new AccessDeniedException("Sorry you don not enough permissions to access it");
        response.sendError(HttpServletResponse.SC_FORBIDDEN, accessDeniedException.getMessage());

    }
}
